diff options
author | Moshe Kaplan <me@moshekaplan.com> | 2020-12-09 22:54:42 -0500 |
---|---|---|
committer | Moshe Kaplan <me@moshekaplan.com> | 2020-12-09 22:54:42 -0500 |
commit | 08a87f3e4c46afa7ca3d52c695be3113adb4b2b7 (patch) | |
tree | 5937f41df328b0a985eb736d53b4f1382b3b4b36 /epan/crypt | |
parent | 86e23155fef6d8ed0e3c34c40281eada1cd7945c (diff) |
dot11decrypt_util: Avoid abusing memory layout
Instead of using a single memcpy which relies
upon struct members being in contiguous
memory, use three separate calls to memcpy.
This fixes Coverity 1460754.
Diffstat (limited to 'epan/crypt')
-rw-r--r-- | epan/crypt/dot11decrypt_util.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/epan/crypt/dot11decrypt_util.c b/epan/crypt/dot11decrypt_util.c index ee21a09045..40801d5c85 100644 --- a/epan/crypt/dot11decrypt_util.c +++ b/epan/crypt/dot11decrypt_util.c @@ -55,8 +55,9 @@ void dot11decrypt_construct_aad( aad[0] = wh->fc[0]; } aad[1] = (UINT8)(wh->fc[1] & FC1_AAD_MASK); - /* NB: we know 3 addresses are contiguous */ - memcpy(aad + 2, (guint8 *)wh->addr1, 3 * DOT11DECRYPT_MAC_LEN); + memcpy(aad + 2, (guint8 *)wh->addr1, DOT11DECRYPT_MAC_LEN); + memcpy(aad + 8, (guint8 *)wh->addr2, DOT11DECRYPT_MAC_LEN); + memcpy(aad + 14, (guint8 *)wh->addr3, DOT11DECRYPT_MAC_LEN); aad[20] = (UINT8)(wh->seq[0] & DOT11DECRYPT_SEQ_FRAG_MASK); aad[21] = 0; /* all bits masked */ |